tedivm

Honorary Members
  • Content count

    237
About tedivm

  • Rank
    Advanced Member

Contact Methods

  • Website URL
    http://www.tedivm.com
  1. What is the firewall? What happens if you turn MBAM on and attempt to update it?
  2. Highwinds is one of our content delivery partners, and I am very confident in their security. I've personally sat down with a few of their employees, from VPs to Engineers- we have strong relationships with all of our CDNs. Their servers are set up only for HTTP and HTTPS traffic, which is what our application uses to retrieve information and updates from our servers. Our applications are client driven when it comes to their server/client communications. In other words, our application makes requests of the servers, but the servers never directly reach out to the application. From what I have read so far this strongly looks like a false positive from the firewall. We can look into this further, but to do that we need more information. What ports are being scanned, and at what rate? What firewall are you using?
  3. We're working to resolve the issue with Softlayer, but at the time I do not believe that this is a false positive. Please keep in mind we have a great relationship with Softlayer- if you check the IP address of this forum itself you'll notice it's hosted on their network. They are typically very quick with responding to these types of things, so it'll be resolved soon.
  4. It looks like the IP address will be removed in the next update (which should be in the next hour or so).
  5. I'm looking into this right now, we should have a response for you in a bit.
  6. Yesterday we had a failure with these forums (as I'm sure many of you noticed) that caused us to go offline for an extended bit of time. While we were able to correct the problem, there unfortunately was a bit of data corruption with our primary backup system and we had to dig a little deeper to properly restore things. What this essentially means is that we've lost a little over a week's worth of posts. I'd like to personally apologize for any inconvenience this has caused, and want to assure you that we're taking action to prevent this from happening again. Thanks for your understanding.
  7. We do compatibility testing all the time- our QA team constantly goes through and checks to see how we work with other vendors. Besides simple testing we also have a number of design features that make us less likely to conflict with existing software. The way we detect threats is very different than AVs, which means conflicts should happen very very rarely. Even without that a simultaneous detection should not be an issue- if it did occur the user would simply have to tell one engine to ignore it so the other can remove it. This isn't to say that problems don't ever occur, but when they do we get them cleared up very quickly.
  8. AP2012, I just wanted to let you know I'm looking into this now and will get an answer for you soon.
  9. I'm not sure what happened here- I'll speak with our support team right away to try and get this resolved. Sorry for the trouble.
  10. Hey guys, I just wanted to step in here for a second and kind of summarize things so far, as well as give you guys an idea of what's going on behind the scenes. This is a very, very tough situation. On the one hand we have a group of websites, hosted through CloudFlare, that are actively pushing drive by exploits. What this means is that people who go to those sites are getting exploited and potentially have no idea of knowing this. On the other hand we have a lot of innocent websites which are doing nothing wrong, but are caught in the cross fire. This is a situation we have some experience with. We at Malwarebytes use Edgecast for content delivery- a service somewhat similar to CloudFlare, in that they distribute our main page to various nodes all over the world for easier delivery. We also use a multitude of other CDNs for delivering updates- and sometimes they get blocked and we're caught in the crossfire as well. It's a sucky situation. Of course, we're also on the other side of this- we do the blocking when we need to. What most people don't see is the huge amount of effort we do to keep people from being blocked. The vast majority of people pushing malware out do so without knowing or intending to- something as simple as an outdated WordPress install can be the vector which an innocent site gets used to push malware. We also know that a lot of people use CDNs or shared hosts, so blocking one site could mean blocking far more. We work with a lot of CDNs and webhosts to keep them off blacklists- and we always email the abuse teams before adding them. Nine times out of ten the malware gets removed within hours of our email, and no blacklisting is required. Unfortunately there are cases where simply removing the malware isn't enough- not all websites are innocent.
      Some people are actually pushing the malware on purpose, so when the third party host (such as the CDN or shared web host) removes the offending URL, the people running the site simply change the URL being used. In this case we try to work with the providers to fix the issue, but if it is unable to happen we blacklist the URL. Now, I want to be very clear about something- we do not blacklist information. We are not censors- knowing how to make malware is not in itself a bad thing. If it wasn't for people learning these skills, we wouldn't have researchers protecting our users. We will not block someone just for posting information. We won't even block people for hosting malware if they're doing it safely. The thing we block is people hosting active exploits or active malware that will infect users without their knowledge. Unfortunately this CloudFlare situation has escalated further than I think anyone intended. We have a lot of respect for CloudFlare- I met Matt at DefCon last year, where he gave a fantastic talk about dealing with the Slowloris attack, as well as the challenges of hosting an activist group like LulzSec. I feel a lot of what's going on right now is more miscommunication than anything, but from my understanding Marcin and Matt are now in direct contact and this should be resolved soon. I know this is not an ideal situation, but I assure you everyone involved is doing what they feel is right to protect their users and there is no malicious intent here. We're working as quickly as we can to get this current issue resolved, and I'm hoping this will be a learning experience for future issues. We'll have an update with more information soon.
  11. I am *really* sorry that it appears we are not paying attention to this- I assure you we are. Unfortunately the timing kind of sucked- on Friday we had a bit of downtime (as I'm sure some of you noticed) as we had to deal with the largest DDoS we've faced to date. Since then Ted and I have been working on making sure our infrastructure is stable (which, with the exception of some forum downtime on Friday, I'm happy to say we've been fairly successful doing). During the next week I will be compiling a list of all of your complaints, recommendations and comments about the new forum theme and any functionality changes. Once that list is in place we'll work with our theme designers to get those changes implemented as quickly as possible. Again, I'm sorry for the trouble here. To be perfectly honest, we are all getting tired of all the trouble that comes with each IPB update, and we'll be working to find some solutions to make this less rocky in the future. Thanks for your patience and bug reports! Robert
  12. We couldn't for backwards compatibility reasons.
  13. You could use two different browsers, with one logged into each account. If you're using Chrome (or another browser with a privacy mode) you could log into one account regularly and go into "incognito mode" to log into the other.
  14. For the last day we've been dealing with some issues in the South East regions of the US where deliverability- of both our website and updates- was slow or in some cases nonexistent. We have routed around the issue and should be good now, but if anyone is still seeing issues they should contact us. Sorry for the inconvenience on this.
  15. Are you getting the exact same error code as JonathanPDX was? The 407 indicates that you may be running through a proxy server, and that it is what is denying access to the updates.